Windows 10 and 2016 as OpenVPN servers

Samples of working configurations.
bbuckm
OpenVPN User
Posts: 37
Joined: Thu Apr 26, 2018 2:45 pm

Windows 10 and 2016 as OpenVPN servers

Post by bbuckm » Tue May 29, 2018 1:33 pm

I have updated the earlier posts giving example configurations for using Windows as a server. I have also re-tested the up-to-date versions. Documentation is here:

OpenVPN on Windows Server 2016

OpenVPN on Windows 10

Ano Nymous
OpenVpn Newbie
Posts: 8
Joined: Mon May 28, 2018 7:45 pm

Re: Windows 10 and 2016 as OpenVPN servers

Post by Ano Nymous » Wed May 30, 2018 8:36 pm

Thanks for that but on a fresh installation following that guide and having removed every trace of the previous installation (that I can find!) I get the infamous "An error occurred installing the TAP device driver" and that's after running it as an administrator of course.
There was no TAP adapter visible in Device Manager or in Network Settings prior to starting this install.
I ran CCleaner registry tool to try to remove any registry issues multiple times.
I have read the thread at viewtopic.php?t=22888 "TAP installer failed on Windows 10" and also https://community.openvpn.net/openvpn/ticket/592 "#592 Tap-Windows Adapter Not work Windows 10"
This is on Windows 10 1803 build 17134.48.

Ano Nymous
OpenVpn Newbie
Posts: 8
Joined: Mon May 28, 2018 7:45 pm

Re: Windows 10 and 2016 as OpenVPN servers

Post by Ano Nymous » Wed May 30, 2018 8:49 pm

PS: your documentation at "Managing Windows TAP Drivers" refers to devcon.exe but fails to mention that's not part of Windows but requires WDK, Visual Studio, or Windows SDK.

bbuckm
OpenVPN User
Posts: 37
Joined: Thu Apr 26, 2018 2:45 pm

Re: Windows 10 and 2016 as OpenVPN servers

Post by bbuckm » Wed May 30, 2018 9:09 pm

Ano Nymous wrote (Wed May 30, 2018 8:49 pm):
PS: your documentation at "Managing Windows TAP Drivers" refers to devcon.exe but fails to mention that's not part of Windows but requires WDK, Visual Studio, or Windows SDK.

Are you sure this is in my blog? I don't think I've ever heard of devcon.exe.

Ano Nymous
OpenVpn Newbie
Posts: 8
Joined: Mon May 28, 2018 7:45 pm

Re: Windows 10 and 2016 as OpenVPN servers

Post by Ano Nymous » Thu May 31, 2018 11:29 pm

bbuckm wrote (Wed May 30, 2018 9:09 pm):
Are you sure this is in my blog? I don't think I've ever heard of devcon.exe.

No, sorry, I was referring to the documentation on openvpn.org not to your new guide which has been very helpful. I worked my way through it this afternoon, and while there is a lot to the server config file that I don't understand, I'm a lot closer than I was so thank you.

With the line

Code:

tls-crypt tlscrypt.key

I do get an error of no such file or directory so at the moment it is commented out. The tls-crypt.key file was created as you outline in your guide and copied to C:\Program Files\OpenVPN\config so I hope I've done that correctly.

With that one line commented out and the rest of your instructions in the server config file I get the following in the log, most of which I have no idea what to do with:

Code:

Thu May 31 19:14:47 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Thu May 31 19:14:47 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu May 31 19:14:47 2018 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Thu May 31 19:14:47 2018 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Thu May 31 19:14:47 2018 Diffie-Hellman initialized with 2048 bit key
Thu May 31 19:14:47 2018 interactive service msg_channel=0
Thu May 31 19:14:47 2018 ROUTE_GATEWAY 192.168.1.2/255.255.255.0 I=9 HWADDR=48:4d:7e:f7:10:8b
Thu May 31 19:14:47 2018 open_tun
Thu May 31 19:14:47 2018 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{9D4D8D69-6B2E-466C-B0C7-FF3F7CED6913}.tap
Thu May 31 19:14:47 2018 TAP-Windows Driver Version 9.21 
Thu May 31 19:14:47 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {9D4D8D69-6B2E-466C-B0C7-FF3F7CED6913} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Thu May 31 19:14:47 2018 Sleeping for 10 seconds...
Thu May 31 19:14:57 2018 Successful ARP Flush on interface [13] {9D4D8D69-6B2E-466C-B0C7-FF3F7CED6913}
Thu May 31 19:14:57 2018 WARNING: You have selected '--ip-win32 dynamic', which will not work unless the TAP-Windows TCP/IP properties are set to 'Obtain an IP address automatically'
Thu May 31 19:14:57 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu May 31 19:14:57 2018 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Thu May 31 19:14:57 2018 Warning: route gateway is not reachable on any active network adapters: 10.8.0.2
Thu May 31 19:14:57 2018 Route addition via IPAPI failed [adaptive]
Thu May 31 19:14:57 2018 Route addition fallback to route.exe
Thu May 31 19:14:57 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Thu May 31 19:14:57 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Thu May 31 19:14:57 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu May 31 19:14:57 2018 setsockopt(IPV6_V6ONLY=0)
Thu May 31 19:14:57 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
Thu May 31 19:14:57 2018 UDPv6 link remote: [AF_UNSPEC]
Thu May 31 19:14:57 2018 MULTI: multi_init called, r=256 v=256
Thu May 31 19:14:57 2018 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Thu May 31 19:14:57 2018 IFCONFIG POOL LIST
Thu May 31 19:14:57 2018 Initialization Sequence Completed

In particular I have no idea what the 4 lines referring to "push" refer to except that I can guess about blocking outside DNS.
Very grateful for any help with this and thanks again for the guide.
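
A pre-start check for the "no such file or directory" situation described in the post above, as an added example that is not part of the thread or of the guide it discusses. It reads a server config, confirms that every file-bearing directive points at a file that exists, suggests a near-matching filename when it does not, and reports file directives that have been commented out. Assumptions: relative paths resolve against the config file's directory, `check_config` and `demo` are hypothetical names, and the sample directory and config are constructed.

```python
import difflib
import os
import shlex
import tempfile

# OpenVPN directives whose first argument is a file path.
FILE_DIRECTIVES = {"ca", "cert", "key", "dh", "tls-crypt", "tls-auth"}

def check_config(config_path):
    """Return findings as (line_no, directive, problem, hint) tuples."""
    # Assumption: relative paths resolve against the config file's directory.
    base = os.path.dirname(os.path.abspath(config_path))
    findings = []
    with open(config_path, encoding="utf-8") as fh:
        for line_no, raw in enumerate(fh, 1):
            text = raw.strip()
            disabled = text.startswith(("#", ";"))
            try:
                tokens = shlex.split(text.lstrip("#; \t"), comments=True)
            except ValueError:
                continue  # unbalanced quotes: not a directive we can judge
            if len(tokens) < 2 or tokens[0] not in FILE_DIRECTIVES:
                continue
            directive, target = tokens[0], tokens[1]
            if disabled:
                findings.append((line_no, directive, "commented out", None))
            elif target != "[inline]" and not os.path.isfile(os.path.join(base, target)):
                # Look for a similarly named file to expose a filename typo.
                near = difflib.get_close_matches(target, os.listdir(base), n=1)
                findings.append((line_no, directive, "file not found",
                                 near[0] if near else None))
    return findings

def demo():
    """Run the check on a constructed config directory (sample data)."""
    with tempfile.TemporaryDirectory() as cfg_dir:
        for name in ("dh2048.pem", "tls-crypt.key"):  # constructed files
            open(os.path.join(cfg_dir, name), "w").close()
        conf = os.path.join(cfg_dir, "server.ovpn")
        with open(conf, "w", encoding="utf-8") as fh:
            fh.write("port 1194\ndh dh2048.pem\n"
                     "tls-crypt tlscrypt.key\n;tls-auth ta.key 0\n")
        return check_config(conf)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A commented-out `tls-crypt` or `tls-auth` line is reported because the server then starts without that pre-shared-key protection on the control channel.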

Ano Nymous
OpenVpn Newbie
Posts: 8
Joined: Mon May 28, 2018 7:45 pm

Re: Windows 10 and 2016 as OpenVPN servers

Post by Ano Nymous » Fri Jun 01, 2018 12:40 am

Further to the above - the WARNING: You have selected '--ip-win32 dynamic' which will not work unless the TAP-Windows TCP/IP properties are set to 'Obtain an IP address automatically' - I actually don't know where "ip-win32 dynamic" is found and the TAP adapter is set to a static IP address but I don't know where it came from - I never set it, I don't recognize it, and I don't know what created it. The address is 192.168.137.1 and there are no gateway and no DNS settings entered. I've read that in order to make this work I'll need to add the gateway address of the router to the TAP properties. (See http://asktheoracle.com/blog/how-to-mak ... -firewall/)

Ano Nymous
OpenVpn Newbie
Posts: 8
Joined: Mon May 28, 2018 7:45 pm

Re: Windows 10 and 2016 as OpenVPN servers

Post by Ano Nymous » Fri Jun 01, 2018 3:33 am

In continuing the efforts to troubleshoot I found reference to

Code:

push "ip-win32 dynamic 0 3600"

and added it to the server.ovpn file and that set the TAP-Windows adapter to dynamic IP.
Corrected a minor misstep from earlier experimentation and now OpenVPN connects between my Windows 10 server and Windows 10 client.
Now the next step will be a test with changing the IP scheme on the client end - these are both small office LANs and I inherited 192.168.1.1 on both.
Plan will be to change the satellite office and then see if the one shared folder on the server is accessible. Fingers crossed.
If that goes smoothly I'll look into the TLS error and see if there is anything else that needs locking down.
